Sign In
Sign In
SERVICE DISRUPTION:
During the Canada Post service distruption, mail from Access Credit Union may be delayed. Learn More.

NEW APP FEATURE: Effective October 8, 2025, both Android and iOS apps will be upgraded to new versions that include mandatory multi-factor authentication. Find out how to prepare.

CAFT Safety

  1. Business
  2. Convenience
  3. Customer Automated Funds Transfer (CAFT)
  4. CAFT Safety

Stay Protected from CAFT Cyber Attacks



With the increase of sophisticated phishing scams within the financial industry, it is important that all members are cyber aware of threats and the actions these bad actors use to gain access to your critical information using the CAFT payment system.


What is CAFT?

Customer Automated Funds Transfer (CAFT) is a web-based solution that allows a business to manage payments. CAFT is compatible with most accounting software and provides the option to enter data manually online. 

CAFT is a web-based application, therefore accounts could be exposed to cyber fraud if the business or employee's computer system becomes compromised. 

Hand catching falling coins

With CAFT businesses can: 

  • Initiate direct deposits, such as payroll or accounts payable

  • Collect payments such as loans, accounts receivable, strata/condo fees, donations, and club fees/dues


Lock icon representing a security warning

If you notice unusual activity: 

  • Check the CAFT Activity Log and History File information. 

  • Contact Access Credit Union.

  • Change your CAFT password immediately.

  • If you have been compromised, follow the security
    procedures of your company.



As a CAFT user, you are responsible for:

  1. Protecting your passwords and User IDs.
  2. Managing your CAFT transactions.
  3. Verifying file totals prior to file processing.
  4. Releasing files in a timely manner.
  5. Reviewing CAFT email notifications upon receipt.
  6. Reviewing your Activity Log.
     
  1. Reviewing your History File.
  2. Verifying all NAFT reports.
  3. Verifying account settlement to the settlement register (AFTR0010).
  4. Contacting us about any changes to Originator information.
  5. Immediately notifying us of any unusual activity.


What can I do to protect myself?


Users can prevent transaction processing due to key error, theft or fraud by:

  1. Enhancing cyber security practices:
    • Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses.
    • Ensure virus protection and security software and the operating systems/applications on your computer are updated regularly.
  2. Implementing internal controls (segregation of duties, dual authorization, setting CAFT limits).
  3. Reviewing transaction files for accuracy.
  4. Reviewing CAFT email notifications.
  5. Reconciling banking transactions daily.
  6. Talking to an insurance provider about Social Engineering coverage.
TIP: Familiarize yourself with your account agreement and your business's liability coverage for fraud.

Best Practices

Get familiar with the CAFT controls available to you and what you are responsible for: segregation of duties, dual authorization, and setting CAFT limits.

Work with us to understand the CAFT controls that are in place to reduce the risk of fraudulent activity. These CAFT controls are critical in helping protect you.

Bad actors and fraud are now the norm and these controls are in place to help mitigate fraud attempts.

Icon Caftcontrols

Use strong passwords


The best way to guard against these types of attacks is to use a strong password. This includes:
  • 12 characters minimum
  • Using a mix of alphanumeric characters (a-z, A-Z, 0-9)
  • Using a mix of special characters: ‘ – , . /
  • NOT using dictionary words or common names
  • NOT using sequential or repeating numbers or letters such as abc, 123, 555
  • NEVER re-using a password
  • NEVER sharing your password with anyone

Lightbulb icon indicating a tipTIP: Consider using a random password generator for maximum security such as: 
Icon Rightwebsite

Use the right website


Always use the login page on your browser to login to an account or online service – never use links in an email. Ensure you are accessing the legitimate CAFT Payment Services website.

Please do this by typing in the legitimate CAFT site directly:

https://www.caft.paymentsanytime.com.

Lightbulb icon indicating a tip TIP: Save this site as a bookmark in your web browser.

Icon Infosafe

Keep your information safe


Create strong passwords and never share your User ID or password.

Do not communicate or keep a copy of your usernames and/or passwords for any of your financial services ( or other secure logins) in your email account.

A common way of gaining illegitimate access to a secured account is through the discovery of sensitive information within a compromised email account. 

Lightbulb icon indicating a tipTIP: Enable multi-factor authentication (MFA) on your email account, if available, for an added layer of security – for example, so you are prompted to enter a security code sent to your phone whenever you attempt to login to your email from a new device. If your current email provider does not offer MFA, switch to a more secure provider that offers these tools such as Gmail, Hotmail, Yahoo, Outlook, or Live.ca.
Icon Dontclicklinks

Don't click links


Never click on links or attachments from an unexpected email, even if it looks like it is from a person or organization you know. In this case, never click on a link to CAFT sent via an unexpected email, text message, or from a search engine advertisement. These links may take you to fraudulent sites.

Lightbulb icon indicating a tipTIP: CAFT system emails don’t have links! There may be a text file attached if you have processed a transaction recently. These attachments end in .txt.

Cyber security is everyone’s responsibility!

Remember the following to keep your information safe:

  1. Create a difficult to guess password using a combination of letters and numbers and never share your User ID or passwords.

  2. Logout of any secure accounts, such as online banking, when finished. DO not just close the browser window.

  3. Lock or logout of your computer when unattended.

  4. Never access your Access Credit Union accounts or services using open/free WiFi (e.g. coffee shops, public libraries, hotels, etc.). If you must access these services in a public location, opt to use data instead.

  5. Be mindful of phishing scams: never open an attachment or links from unexpected emails, even if they look legitimate.

TIP: Even if an email appears to be coming from a legitimate sender, if it involves making changes to login or banking information, verify the legitimacy with the sender via another communication method (e.g. phone call).


Additional Resources

Contact Us


Access Credit Union can support you in understanding the CAFT controls you have in place. These controls are critical in helping protect you, and your information.

Contact us to learn more.



Please note, there is no indication that the CAFT system is not secure. Rather these fraud attempts are as a result of the compromised user access IDs and emails.




Contact Us


Access Credit Union can support you in understanding the CAFT controls you have in place. These controls are critical in helping protect you, and your information.

Contact us to learn more.


This website uses cookies to improve your user experience. By continuing to browse the site you are agreeing to our use of cookies.